The Shannon cipher system with a guessing wiretapper

The Shannon theory of cipher systems is combined with recent work on guessi ng values of random variables. The security of encryption systems is measur ed in terms of moments of the number of guesses needed for the wiretapper t o uncover the plaintext given the cryptogram, While the encrypter aims at m aximizing the guessing effort, the wiretapper strives to minimize it, e.g., by ordering guesses according to descending order of posterior probabiliti es of plaintexts given the cryptogram. For a memoryless plaintext source an d a given key rate, a single-letter characterization is given for the highe st achievable guessing exponent function, that is, the exponential rate of the pth moment of the number of guesses as a function of the plaintext mess age length. Moreover, we demonstrate asymptotically optimal strategies for both encryption and guessing, which are universal in the sense of being ind ependent of the statistics of the source. The guessing exponent is then inv estigated as a function of the key rate and related to the large-deviations guessing performance.